{"api":{"name":"api.sb","description":"Business-as-Code surface for Startups.Studio","home":"https://api.sb","docs":"https://api.sb/docs","version":"1.0.0"},"$context":"https://api.sb/$context","$type":"FoundingHypothesis","$id":"https://api.sb/founding-hypotheses/fh%3Aw4-5415-compliance-filing%3Av1","links":{"self":"https://api.sb/v1/founding-hypotheses/fh%3Aw4-5415-compliance-filing%3Av1","canonical":"https://api.sb/founding-hypotheses/fh%3Aw4-5415-compliance-filing%3Av1","pool":"https://api.sb/v1/founding-hypotheses"},"foundingHypothesis":{"id":"fh:w4-5415-compliance-filing:v1","lens":"AIService","type":"founding-hypothesis","click":{"rubricScores":{"C8_lensFit":1,"C7_magicLensFit":1,"C4_competitorHonesty":1,"C6_crossSlotCoherence":1,"C1_customerSpecificity":1,"C2_problemFrictionRealism":1,"C9_killCriteriaAttestability":1,"C3_approachEngineCoverability":1,"C5_differentiationLoservilleEscape":1},"upperRightLoserville":true},"cellRef":{"id":"work-contexts.org.ai/w4-5415-compliance-filing","stableHash":"wcc:w4:5415:compliance-filing:v1"},"problem":{"slotStatement":"Compliance analysts spend 3–6 weeks per filing manually stitching evidence from Jira, Confluence, cloud-config exports, and change-tickets into narrative control responses, then losing another week when auditors reject answers that lack a clear line back to the underlying system-of-record artifact."},"approach":{"oneSentence":"An AI filing service that ingests the firm's control framework, ticketing, and cloud-config sources and produces a review-ready filing package where every control narrative is backed by a citation-level traceable record pointing to the exact source artifact and timestamp."},"customer":{"icpShape":"US-based regulated computer-systems design firms (250–2,000 employees) selling to financial-services, healthcare, or federal customers, where the buyer is the VP of Compliance (or Chief Compliance Officer) who owns the filing budget and signs the PO, and the daily user is the Compliance Analyst or Regulatory Affairs Manager preparing SOC 2, HIPAA, FedRAMP, and state-AG AI-disclosure filings.","beachheadShape":"EarlyAdopterJTBD: compliance teams at NAICS-5415 systems-design firms facing a live SOC 2 Type II or FedRAMP Moderate filing deadline in the next 90 days"},"archetype":"startup-archetypes.org.ai/AIService-MoneyOnDelivery","beachhead":"EarlyAdopterJTBD: compliance teams at NAICS-5415 systems-design firms facing a live SOC 2 Type II or FedRAMP Moderate filing deadline in the next 90 days","competitors":{"substitutes":[{"name":"Vanta / Drata continuous-compliance platforms","category":"incumbent"},{"name":"Big-4 and boutique compliance consultants (e.g., Schellman, Coalfire staff augmentation)","category":"human alternative"},{"name":"In-house analysts using ChatGPT Enterprise + Confluence templates","category":"AI-native horizontal"},{"name":"Legacy GRC suites (Archer, ServiceNow GRC) with Word export","category":"status-quo"}]},"studioThesis":"T-BU","killThreshold":{"K":8,"M":30,"N":7,"rubricItemSet":["C1_customerSpecificity","C2_problemFrictionRealism","C3_approachEngineCoverability","C4_competitorHonesty","C5_differentiationLoservilleEscape","C6_crossSlotCoherence","C7_magicLensFit","C8_lensFit","C9_killCriteriaAttestability"],"verdictPolicy":"all-load-bearing-pass-and-overall-ge-X","loadBearingItemSet":["C1_customerSpecificity","C2_problemFrictionRealism","C3_approachEngineCoverability","C4_competitorHonesty","C5_differentiationLoservilleEscape","C6_crossSlotCoherence"],"verdictPolicyVerbatim":"KILL unless every load-bearing rubric item passes per workbook AND overall pass-rate ≥ 7/9 (CASCADE.md §4 Stage 9 commit threshold)."},"lifecycleState":"Active","differentiation":{"twoByTwo":{"xAxis":"Depth of primary-source evidence linkage (every claim traces to a specific Jira ticket, config snapshot, or log line vs. free-text narrative)","yAxis":"Coverage of systems-design-specific control frameworks out-of-the-box (SOC 2 + FedRAMP + HIPAA + state AI-disclosure mapped with pre-built control crosswalks)","winningQuadrant":"High evidence-linkage + High framework coverage: every generated control answer opens to the underlying source artifact AND the same evidence auto-populates across SOC 2, FedRAMP, and HIPAA filings without re-work","loservilleEscape":true,"loservilleQuadrant":"Low evidence-linkage + Low framework coverage: in-house analysts pasting prompts into ChatGPT Enterprise get plausible-sounding narratives with no citation back to Jira/Confluence and must re-do the mapping for every new framework — auditors reject this as unverifiable"}},"unmetRequirements":[],"pricingArchitecture":"usage-meter"},"actions":{},"options":{},"relationships":{"runtimeUnit":"https://api.sb/v1/runtime-units?startupRef=startup%3Afh%3Aw4-5415-compliance-filing%3Av1","brand":"https://api.sb/v1/brands?startupId=startup%3Afh%3Aw4-5415-compliance-filing%3Av1","listing":"https://api.services/listings?foundingHypothesisRef=fh%3Aw4-5415-compliance-filing%3Av1","cell":"https://api.sb/v1/cells/work-contexts.org.ai/w4-5415-compliance-filing","thesis":"https://api.sb/v1/theses/T-BU"},"meta":{"level":"L0","scopes":[]},"user":{"requestId":"a0575a6caff00555","edgeLocation":"a0575a6caff00555","geo":{"country":"US"},"ua":{"browser":"Claude"}},"references":{"total":0,"limit":25,"page":1,"links":{"self":"https://api.sb/v1/founding-hypotheses/fh%3Aw4-5415-compliance-filing%3Av1/references"},"items":[]}}